package cn.seaboot.admin.security.context;

import cn.seaboot.admin.security.login.PasswordHelper;
import cn.seaboot.admin.user.bean.User;
import cn.seaboot.admin.user.context.AuthorityContext;
import cn.seaboot.admin.user.service.UserDeptService;
import cn.seaboot.admin.user.service.UserService;
import cn.seaboot.commons.exception.BizException;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.util.Assert;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * 鉴权上下文，
 * <p>
 * 不同框架下，这些常规操作的写法，可能完全不同，用于处理登录相关的功能
 *
 * @author Mr.css
 * @version 2022-06-01 17:21
 */
@Service
public class SecurityAuthorityContext implements AuthorityContext {
    private final Logger logger = LoggerFactory.getLogger(AuthorityContext.class);

    @Resource
    private UserDeptService userGroupService;

    @Resource
    private UserService userService;

    @Resource
    private PasswordHelper passwordHelper;

    /**
     * 登录，这里直接禁用
     *
     * @param request  request
     * @param response response
     * @param user     用户
     */
    @Override
    public void login(HttpServletRequest request, HttpServletResponse response, User user) {
        throw new BizException("security can not login with this method!");
    }

    /**
     * 登出
     *
     * @param request  request
     * @param response response
     * @param user     用户
     */
    @Override
    public void logout(@NotNull HttpServletRequest request, HttpServletResponse response, User user) {
        Assert.notNull(request, "HttpServletRequest is required!");
        HttpSession session = request.getSession(false);
        if (session != null) {
            logger.debug("Invalidating session: " + session.getId());
            session.invalidate();
        }
        SecurityContext context = SecurityContextHolder.getContext();
        context.setAuthentication(null);
        SecurityContextHolder.clearContext();
    }


    /**
     * 生成密码，用于账号注册
     *
     * @param user     用户
     * @param password 密码
     */
    @Override
    public void generatePassword(User user, String password) {
        String salt = passwordHelper.createPasswordSalt(user.getAccount());
        String digest = passwordHelper.getPasswordDigest(password, salt);
        user.setPasswordSalt(salt);
        user.setPassword(digest);
    }

    /**
     * 验证密码是否与用户匹配
     *
     * @param user     用户
     * @param password 密码
     * @throws BizException 账号或密码错误
     */
    @Override
    public void matchPassword(User user, String password) throws BizException {
        if (!passwordHelper.matches(password, user.getPassword(), user.getPasswordSalt())) {
            throw new BizException("password was wrong!");
        }
    }
}
